The Contiki-NG TinyDTLS client proceeds with the handshake after receiving two distinct CertificateRequest messages. A similar issue was posted for Eclipse's TinyDTLS. Below is the capture of the non-conforming behavior taken on my machine. Note that the CertificateRequest messages are distinct (their message_seq differs). Hence the client should have rejected the second CertificateRequest and not proceeded with the handshake.
Steps to Reproduce
I attached the files necessary for reproduction using DTLS-Fuzzer, a Java-based tool for testing DTLS libraries. Also included in the archive is a capture of the interaction shown above. DTLS-Fuzzer requires the JDK for Java 8. On Ubuntu, this can be installed by running: sudo apt-get install openjdk-8-jdk
Unpack the archive, cd to the resulting folder and run bash reproduce.sh, while running an instance of Wireshark on the side. The reproduction script will:
set up Contiki-NG TinyDTLS and DTLS-Fuzzer;
launch the TinyDTLS client using the 'tests/dtls-client' utility;
launch DTLS-Fuzzer to execute the input sequence 'test_sequence' which exposes the bug.
Thanks!
reproduction.tar.gz
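The check the report expects, as an added example that is not part of the original issue and is not TinyDTLS code: a retransmitted CertificateRequest (same message_seq) is dropped silently, while a second one carrying a new message_seq aborts the handshake. The struct, function and verdict names are hypothetical, the messages are constructed 12-byte DTLS handshake headers with empty bodies, and only the CertificateRequest case of the state machine is covered.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HT_CERTIFICATE_REQUEST = 13, DTLS_HS_HDR_LEN = 12 };
enum verdict { ACCEPT, DROP_RETRANSMIT, DROP_FUTURE, DROP_MALFORMED, ABORT_UNEXPECTED };

struct hs_state {              /* hypothetical per-peer client state */
    uint16_t next_recv_seq;    /* next message_seq expected from the server */
    bool cert_request_seen;    /* a CertificateRequest was already processed */
};

/* Build a constructed handshake header: type(1) length(3) message_seq(2)
 * fragment_offset(3) fragment_length(3), with all lengths set to zero. */
void make_hs(uint8_t out[DTLS_HS_HDR_LEN], uint8_t type, uint16_t seq)
{
    memset(out, 0, DTLS_HS_HDR_LEN);
    out[0] = type;
    out[4] = (uint8_t)(seq >> 8);
    out[5] = (uint8_t)(seq & 0xff);
}

/* Classify one unfragmented handshake message received by the client. */
enum verdict check_handshake(struct hs_state *st, const uint8_t *m, size_t len)
{
    if (len < DTLS_HS_HDR_LEN) return DROP_MALFORMED;
    uint16_t seq = (uint16_t)((m[4] << 8) | m[5]);
    if (seq < st->next_recv_seq) return DROP_RETRANSMIT; /* already processed */
    if (seq > st->next_recv_seq) return DROP_FUTURE;     /* arrived out of order */
    if (m[0] == HT_CERTIFICATE_REQUEST) {
        if (st->cert_request_seen) return ABORT_UNEXPECTED; /* distinct second request */
        st->cert_request_seen = true;
    }
    st->next_recv_seq++;
    return ACCEPT;
}

int main(void)
{
    struct hs_state st = { 3, false };   /* constructed starting point */
    uint8_t m[DTLS_HS_HDR_LEN];
    make_hs(m, HT_CERTIFICATE_REQUEST, 3);
    printf("first: %d\n", check_handshake(&st, m, sizeof m));
    printf("retransmit: %d\n", check_handshake(&st, m, sizeof m));
    make_hs(m, HT_CERTIFICATE_REQUEST, 4);
    printf("second, new message_seq: %d\n", check_handshake(&st, m, sizeof m));
    return 0;
}
```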